1# 2config INTEGRITY 3 def_bool y 4 depends on IMA || EVM 5 6config INTEGRITY_DIGSIG 7 boolean "Digital signature verification using multiple keyrings" 8 depends on INTEGRITY && KEYS 9 default n 10 select DIGSIG 11 help 12 This option enables digital signature verification support 13 using multiple keyrings. It defines separate keyrings for each 14 of the different use cases - evm, ima, and modules. 15 Different keyrings improves search performance, but also allow 16 to "lock" certain keyring to prevent adding new keys. 17 This is useful for evm and module keyrings, when keys are 18 usually only added from initramfs. 19 20source security/integrity/ima/Kconfig 21source security/integrity/evm/Kconfig 22